[Top] [All Lists]

Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors

2013-09-16 11:33:18
On Sun, 15 Sep 2013 16:46:43 -0400, John C Klensin said:

FWIW, I note that,  a very long time ago, we deprecated the
explicit source routing for email that would have permitted my
MUA to specify where the message is to be submitted or what the
submission server is to use as a next hop on a per-message basis
and that we've discouraged arbitrary relaying.  If we hadn't
imposed those restrictions on ourselves (however good the
reasons), it would be relatively easy to design an MUA that
would be able to utilize a dozen different submission servers,
each of which could distribute to a dozen other first-hop relay
servers, all more or less at random and under MUA control and
all with encrypted tunnels.  It wouldn't be hard (e.g., by use
LMTP streams over TLS) to use content encryption up to the
second server in the path to prevent the submission server from
storing clear-text content without having to deal with the PKI
or PGP scaling problems in significant ways.   That would make
the protection you expect to get from TLS vastly stronger
because many courts that might issue orders for particular
messages or message groups on one particular server (or servers
operated by one company) are loathe to issue orders to multiple
server operators for messages that _might_ have passed through

That's basically re-inventing SMTP-over-TOR.

And I suspect the court order issue is a total red herring, as it's
pretty clear that many of the big players in the threat model don't
actually bother worrying about whether they can get a court order
or not.

Attachment: pgpRVCr2j0OVp.pgp
Description: PGP signature

ietf-smtp mailing list
<Prev in Thread] Current Thread [Next in Thread>